In some long-forgotten cave, you’ve come across a strange relic of the distant past. Can you reawake it and uncover its secrets?

Category: rev

Solver: lmarschk, t0b1

Flag: HTB{c0r3_dump5_4r3_c00l_f0r_d3bugg1ng}


Coredump and original script given.
Script encrypts a flag, then aborts to generate coredump.
Coredump still contains the key.
We can get the start of the key by XORing the HTB{ string with the given encrypted flag.
Using the start of the key, we can search the coredump for the original key.


def encrypt(k, t):
    return bytes([a^b for a,b in zip(k, t)])

HTB = b'HTB{'

with open('core', 'rb') as c:
    coredump =

with open('flag.enc', 'rb') as f:
    encrypted_flag =

partial_key = encrypt(encrypted_flag, HTB)
key_start = coredump.find(partial_key)
key = coredump[key_start:key_start+100]

flag = encrypt(key, encrypted_flag)
print('Flag is coming:')